[Forgot Password]
Login  Register Subscribe

24002

 
 

127027

 
 

102010

 
 

909

 
 

81374

 
 

133

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:22932
This policy setting allows users to shut down Windows Vista?based computers from remote locations on the network. Anyone who has been assigned this user right can cause a denial of service (DoS) condition, which would make the computer unavailable to service user requests. Therefore, Microsoft recom ...

oval:org.secpod.oval:def:22811
This subcategory reports when an AD DS object is accessed. Only objects with SACLs cause audit events to be generated, and only when they are accessed in a manner that matches their SACL. These events are similar to the directory service access events in previous versions of Windows Server. This sub ...

oval:org.secpod.oval:def:22930
This subcategory reports when connections are allowed or blocked by WFP. These events can be high in volume. Events for this subcategory include: ? 5031: The Windows Firewall Service blocked an application from accepting incoming connections on the network. ? 5154: The Windows Filtering Platform has ...

oval:org.secpod.oval:def:22938
Disable this policy setting to prevent the SMB redirector from sending plaintext passwords during authentication to third-party SMB servers that do not support password encryption. Microsoft recommends that you disable this policy setting unless there is a strong business case to enable it. If this ...

oval:org.secpod.oval:def:22817
This policy setting determines whether the system shuts down if it is unable to log Security events. It is a requirement for Trusted Computer System Evaluation Criteria (TCSEC)-C2 and Common Criteria certification to prevent auditable events from occurring if the audit system is unable to log them. ...

oval:org.secpod.oval:def:22937
This policy setting determines whether the account name of the last user to log on to the client computers in your organization will be displayed in each computer's respective Windows logon screen. Enable this policy setting to prevent intruders from collecting account names visually from t ...

oval:org.secpod.oval:def:22804
This policy setting determines which registry paths will be accessible after referencing the WinReg key to determine access permissions to the paths. Note: This setting does not exist in Windows XP. There was a setting with that name in Windows XP, but it is called Network access: Remotely accessib ...

oval:org.secpod.oval:def:22806
Directs Windows Installer to use system permissions when it installs any program on the system. This setting extends elevated privileges to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (instal ...

oval:org.secpod.oval:def:28111
This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker. The Allow certificate-based data recovery agent check box is used to specify whe ...

oval:org.secpod.oval:def:22912
This policy setting determines the strength of the default discretionary access control list (DACL) for objects. The setting helps secure objects that can be located and shared among processes and its default configuration strengthens the DACL, because it allows users who are not administrators to r ...

oval:org.secpod.oval:def:22915
This subcategory reports changes to objects in Active Directory Domain Services (AD DS). The types of changes that are reported are create, modify, move, and undelete operations that are performed on an object. DS Change auditing, where appropriate, indicates the old and new values of the changed pr ...

oval:org.secpod.oval:def:28345
The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes in the SCE. Internet Control M ...

oval:org.secpod.oval:def:28581
Enables or disables the Store offer to update to the latest version of Windows. If you enable this setting, the Store application will not offer updates to the latest version of Windows. If you disable or do not configure this setting the Store application will offer updates to the latest version ...

oval:org.secpod.oval:def:22904
This subcategory reports other account management events. Events for this subcategory include: ? 4782: The password hash an account was accessed. ? 4793: The Password Policy Checking API was called. Refer to the Microsoft Knowledgebase article ?Description of security events in Windows Vista and in ...

oval:org.secpod.oval:def:28212
This policy setting allows you to set the encryption types that Kerberos is allowed to use. This policy is supported on at least Windows 7 or Windows Server 2008 R2. This policy setting allows you to set the encryption types that Kerberos is allowed to use. Fix: (1) GPO: Computer Configuration\W ...

oval:org.secpod.oval:def:28335
This policy setting configures whether or not removable data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems. If this policy ...

oval:org.secpod.oval:def:28579
Enables or disables the automatic download and installation of app updates. If you enable this setting, the automatic download and installation of app updates is turned off. If you disable this setting, the automatic download and installation of app updates is turned on. If you don't con ...

oval:org.secpod.oval:def:28216
This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The Allow data recovery agent check box is used to specify whether a data recovery agent can be us ...

oval:org.secpod.oval:def:22735
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. - Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevati ...

oval:org.secpod.oval:def:22855
This policy setting determines whether a user can log on to a Windows domain using cached account information. Logon information for domain accounts can be cached locally to allow users to log on even if a domain controller cannot be contacted. This policy setting determines the number of unique use ...

oval:org.secpod.oval:def:22975
This policy setting allows other users on the network to connect to the computer and is required by various network protocols that include Server Message Block (SMB)?based protocols, NetBIOS, Common Internet File System (CIFS), and Component Object Model Plus (COM+). When configuring a user right i ...

oval:org.secpod.oval:def:22854
This subcategory reports changes in policy rules used by the Microsoft Protection Service (MPSSVC.exe). This service is used by Windows Firewall and by Microsoft OneCare. Events for this subcategory include: ? 4944: The following policy was active when the Windows Firewall started. ? 4945: A rule wa ...

oval:org.secpod.oval:def:22852
This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista. The Audit Policy settings available in Windows Server 2003 Active Directory do not yet contain settings for managing the new auditing subcategories. To properly apply the auditing po ...

oval:org.secpod.oval:def:22973
The registry value entry AutoAdminLogon was added to the template file in the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ registry key. The entry appears as MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) in the Security Configuration Editor. This settin ...

oval:org.secpod.oval:def:22848
This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. Th ...

oval:org.secpod.oval:def:22962
This policy setting determines whether case insensitivity is enforced for all subsystems. The Microsoft Win32? subsystem is case insensitive. However, the kernel supports case sensitivity for other subsystems, such as the Portable Operating System Interface for UNIX (POSIX). Because Windows is case ...

oval:org.secpod.oval:def:22849
This subcategory reports other object access-related events such as Task Scheduler jobs and COM+ objects. Events for this subcategory include: ? 4671: An application attempted to access a blocked ordinal through the TBS. ? 4691: Indirect access to an object was requested. ? 4698: A scheduled task wa ...

oval:org.secpod.oval:def:22851
This policy setting determines whether a domain member can periodically change its computer account password. If you enable this policy setting, the domain member will be prevented from changing its computer account password. If you disable this policy setting, the domain member can change its compu ...

oval:org.secpod.oval:def:22730
This subcategory reports when Certification Services operations are performed. Events for this subcategory include: ? 4868: The certificate manager denied a pending certificate request. ? 4869: Certificate Services received a resubmitted certificate request. ? 4870: Certificate Services revoked a ce ...

oval:org.secpod.oval:def:28033
This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system. If you enable this policy setting, privileges are extended to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the de ...

oval:org.secpod.oval:def:27188
This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (LAN) and joined to a domain can create and use Network Key Protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started. ...

oval:org.secpod.oval:def:22834
This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. The options are: - Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the opera ...

oval:org.secpod.oval:def:22839
This policy setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. This policy setting determines what happens when the smart card for a logged on user is removed from the smart card reader. Fix: (1) GPO: Computer Configuration\Windows Sett ...

oval:org.secpod.oval:def:22718
This policy setting determines how network logons that use local accounts are authenticated. The Classic option allows precise control over access to resources, including the ability to assign different types of access to different users for the same resource. The Guest only option allows you to tre ...

oval:org.secpod.oval:def:28389
The registry value entry PerformRouterDiscovery was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to Do ...

oval:org.secpod.oval:def:27296
This policy setting controls whether Windows will download a list of providers for the Web publishing and online ordering wizards. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings!Setting controls whether Windows ...

oval:org.secpod.oval:def:28138
This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards. These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays pro ...

oval:org.secpod.oval:def:28130
This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker. Enhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, numbers, and spaces. This policy setting is applied when you turn on BitLocker. If you en ...

oval:org.secpod.oval:def:28375
Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides whether to use Kerberos or NTLM for authentication. The extension SSP for Negotiate, Negoexts, which is treated as an authentication pro ...

oval:org.secpod.oval:def:28496
This policy setting turns off the Windows Location Provider feature for this computer. If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature. If yo ...

oval:org.secpod.oval:def:23074
Logon information is required to unlock a locked computer. For domain accounts, the Interactive logon: Require Domain Controller authentication to unlock workstation setting determines whether it is necessary to contact a domain controller to unlock a computer. If you enable this setting, a domain c ...

oval:org.secpod.oval:def:27674
This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches. This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches. Fix: (1) GPO: Computer ...

oval:org.secpod.oval:def:27673
The registry value entry NoNameReleaseOnDemand was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\ Parameters\ registry key. The entry appears as MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS ser ...

oval:org.secpod.oval:def:27314
By default, users can add their computer to a homegroup on a home network. If you enable this policy setting, a user on this computer will not be able to add this computer to a homegroup. This setting does not affect other network sharing features. If you disable or do not configure this policy se ...

oval:org.secpod.oval:def:28507
This policy setting specifies whether to allow printing over HTTP from this client. Printing over HTTP allows a client to print to printers on the intranet as well as the Internet. Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from a ...

oval:org.secpod.oval:def:27659
This policy setting specifies the constraints for passwords used to unlock BitLocker-protected operating system drives. If non-TPM protectors are allowed on operating system drives, you can provision a password, enforce complexity requirements on the password, and configure a minimum length for the ...

oval:org.secpod.oval:def:27784
This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLock ...

oval:org.secpod.oval:def:27663
This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled. If you ...

oval:org.secpod.oval:def:27783
This policy setting specifies whether a password is required to unlock BitLocker-protected fixed data drives. If you choose to permit the use of a password, you can require that a password be used, enforce complexity requirements on the password, and configure a minimum length for the password. For ...

oval:org.secpod.oval:def:27662
This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs, provided they are able to provide the existing PIN first. This policy setting is applied when you turn on BitLocker. If you enable this policy setting, standard users will not be ...

oval:org.secpod.oval:def:23061
Allow NTLM to fall back to NULL session when used with LocalSystem. The default is TRUE up to Windows Vista and FALSE in Windows 7. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Allow NTLM to fall back to NULL session when used with LocalS ...

oval:org.secpod.oval:def:27665
This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker. Note: Only one of the additi ...

oval:org.secpod.oval:def:27664
This policy setting allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. These identifiers are stored as the identification field and allowed identification field. The identification field allows you to associate a unique organizational identifier ...

oval:org.secpod.oval:def:27666
This policy setting allows you to choose specific Boot Configuration Data (BCD) settings to verify during platform validation. If you enable this policy setting, you will be able to add additional settings, remove the default settings, or both. If you disable this policy setting, the computer will ...

oval:org.secpod.oval:def:27668
The registry value entry Hidden was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameters\ registry key. The entry appears as MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) in the SCE. ...

oval:org.secpod.oval:def:27789
This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems. If this policy sett ...

oval:org.secpod.oval:def:23067
This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable this policy setting, local accounts that have blank passwords will not be able to log on to the network from remote clien ...

oval:org.secpod.oval:def:27780
This policy setting allows you to specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer. If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authenti ...

oval:org.secpod.oval:def:27661
This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker. If you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as read-on ...

oval:org.secpod.oval:def:27660
This policy setting specifies whether a password is required to unlock BitLocker-protected removable data drives. If you choose to allow use of a password, you can require a password to be used, enforce complexity requirements, and configure a minimum length. For the complexity requirement setting t ...

oval:org.secpod.oval:def:27658
This policy setting allows you to manage BitLocker?s use of hardware-based encryption on operating system drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent readin ...

oval:org.secpod.oval:def:27657
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protecti ...

oval:org.secpod.oval:def:27650
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protecti ...

oval:org.secpod.oval:def:27517
By default, all administrator accounts are displayed when you attempt to elevate a running application. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Credential User Interface!Enumerate administrator accounts on elevation (2) REG: HKEY_LOCAL_MACHINE\Software\Mic ...

oval:org.secpod.oval:def:23041
This subcategory reports on the activities of the Internet Protocol security (IPsec) driver. Events for this subcategory include: ? 4960: IPsec dropped an inbound packet that failed an integrity check. If this problem persists, it could indicate a network issue or that packets are being modified in ...

oval:org.secpod.oval:def:27401
This policy setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use setting is in effect. If you enable both policies, an audit event will be generated for every file that is backed up or restored. If the Audit: Audit the use of ...

oval:org.secpod.oval:def:27766
This policy setting allows you to manage BitLocker?s use of hardware-based encryption on fixed data drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent reading or w ...

oval:org.secpod.oval:def:27524
This policy setting controls the use of BitLocker on removable data drives. This policy setting is applied when you turn on BitLocker. When this policy setting is enabled you can select property settings that control how users can configure BitLocker. Choose Allow users to apply BitLocker protectio ...

oval:org.secpod.oval:def:27523
This policy setting allows you to manage BitLocker?s use of hardware-based encryption on removable data drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent reading ...

oval:org.secpod.oval:def:27768
This policy setting allows you to control whether or not platform validation data is refreshed when Windows is started following BitLocker recovery. If you enable this policy setting, platform validation data will be refreshed when Windows is started following BitLocker recovery. If you disable th ...

oval:org.secpod.oval:def:27767
This policy setting allows users to enable authentication options that require user input from the pre-boot environment even if the platform indicates lack of pre-boot input capability. The Windows on-screen touch keyboard (such as used by slates) is not available in the pre-boot environment where ...

oval:org.secpod.oval:def:23049
The registry value entry TCPMaxDataRetransmissions was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip \Parameters\ registry key. The entry appears as MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 i ...

oval:org.secpod.oval:def:27464
This policy setting permits users to change installation options that typically are available only to system administrators. If you enable this policy setting, some of the security features of Windows Installer are bypassed. It permits installations to complete that otherwise would be halted due to ...

oval:org.secpod.oval:def:27227
This policy setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. If you enable this policy setting, only the interactively logged-on user is allowed to access removable CD-ROM media. When this policy setting is enabled and no one is logged on interactively ...

oval:org.secpod.oval:def:28423
This policy setting determines whether the Stored User Names and Passwords feature may save passwords or credentials for later use when it gains domain authentication. If you enable this policy setting, the Stored User Names and Passwords feature of Windows does not store passwords and credentials. ...

oval:org.secpod.oval:def:27579
This policy setting specifies whether Windows Messenger can collect anonymous information about how the Windows Messenger software and service is used. This policy setting specifies whether Windows Messenger can collect anonymous information about how the Windows Messenger software and service is u ...

oval:org.secpod.oval:def:27690
This policy setting allows you to disable the client computer?s ability to print over HTTP, which allows the computer to print to printers on the intranet as well as the Internet. This policy setting allows you to disable the client computer?s ability to print over HTTP, which allows the computer t ...

oval:org.secpod.oval:def:27691
The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry appears as MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic in the SCE. The default exemptions to ...

oval:org.secpod.oval:def:23085
This policy setting determines whether users must press CTRL+ALT+DEL before they log on. If you enable this policy setting, users can log on without this key combination. If you disable this policy setting, users must press CTRL+ALT+DEL before they log on to Windows unless they use a smart card for ...

oval:org.secpod.oval:def:27444
This policy setting allows you to control how BitLocker-protected removable data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The Allow data recovery agent check box is used to specify whether a data recovery agent can b ...

oval:org.secpod.oval:def:23081
This subcategory reports each event of distribution group management, such as when a distribution group is created, changed, or deleted or when a member is added to or removed from a distribution group. If you enable this Audit policy setting, administrators can track events to detect malicious, acc ...

oval:org.secpod.oval:def:27688
This policy setting allows you to specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer. If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authenti ...

oval:org.secpod.oval:def:27953
This policy setting determines which users or groups might access DCOM application remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications. You can use this policy setting to specify access permissions to all the computers to particular users fo ...

oval:org.secpod.oval:def:27818
Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel. This setting prevents users from using Control Panel to add, configure, or change the screen saver on the computer. It does not prevent a screen saver from running. Fix: (1) GPO: User Configuration\Admi ...

oval:org.secpod.oval:def:27912
This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer. If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this ...

oval:org.secpod.oval:def:23029
This policy setting makes the Recovery Console SET command available, which allows you to set the following recovery console environment variables: - AllowWildCards. Enables wildcard support for some commands (such as the DEL command). - AllowAllPaths. Allows access to all files and folders on the c ...

oval:org.secpod.oval:def:27514
This policy setting allows you to manage configuration of remote access to all supported shells to execute scripts and commands. This policy setting allows you to manage configuration of remote access to all supported shells to execute scripts and commands. Fix: (1) GPO: Computer Configuration\Ad ...

oval:org.secpod.oval:def:23026
This policy setting determines which behaviors are allowed for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services. The setting does not modify how the authentication sequence works but instead require certai ...

oval:org.secpod.oval:def:23024
This policy setting determines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests, as follows: - None. The LDAP BIND request is issued with the caller-specified options. - Negotiate signing. If Transport Layer Security/Secure Sockets Layer (TLS/SSL) has no ...

oval:org.secpod.oval:def:23020
This policy setting determines who is allowed to format and eject removable media. You can use this policy setting to prevent unauthorized users from removing data on one computer to access it on another computer on which they have local administrator privileges. This policy setting determines who ...

oval:org.secpod.oval:def:27849
This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used. With the Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used. This informati ...

oval:org.secpod.oval:def:27851
This policy setting allows you to manage the installation of app packages that do not originate from the Windows Store. If you enable this policy setting, you can install any trusted app package. A trusted app package is one that is signed with a certificate chain that can be successfully validated ...

oval:org.secpod.oval:def:23016
The registry value entry TCPMaxDataRetransmissions for IPv6 was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\ registry key. The entry appears as MSS: (TcpMaxDataRetransmissions) IPv6 How many times unacknowledged data is retransmitted (3 re ...

oval:org.secpod.oval:def:23015
When this policy setting is enabled, a secure channel can only be established with domain controllers that are capable of encrypting secure channel data with a strong (128-bit) session key. To enable this policy setting, all domain controllers in the domain must be able to encrypt secure channel da ...

oval:org.secpod.oval:def:23014
This subcategory reports on other system events. Events for this subcategory include: ? 5024 : The Windows Firewall Service has started successfully. ? 5025 : The Windows Firewall Service has been stopped. ? 5027 : The Windows Firewall Service was unable to retrieve the security policy from the loca ...

oval:org.secpod.oval:def:27844
This policy setting allows you to configure whether Secure Boot will be allowed as the platform integrity provider for BitLocker operating system drives. Secure Boot ensures that the PC's pre-boot environment only loads firmware that is digitally signed by authorized software publishers. S ...

oval:org.secpod.oval:def:23002
This policy setting determines whether the virtual memory pagefile is cleared when the system is shut down. When this policy setting is enabled, the system pagefile is cleared each time that the system shuts down properly. If you enable this security setting, the hibernation file (Hiberfil.sys) is z ...

oval:org.secpod.oval:def:22896
This policy setting determines which users can create symbolic links. In Windows Vista, existing NTFS file system objects, such as files and folders, can be accessed by referring to a new kind of file system object called a symbolic link. A symbolic link is a pointer (much like a shortcut or .lnk fi ...

oval:org.secpod.oval:def:22766
This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. The options are: - Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators an ...

oval:org.secpod.oval:def:22887
The policy setting allows programs that run on behalf of a user to impersonate that user (or another specified account) so that they can act on behalf of the user. If this user right is required for this kind of impersonation, an unauthorized user will not be able to convince a client to connect?for ...

oval:org.secpod.oval:def:22886
The recovery console is a command-line environment that is used to recover from system problems. If you enable this policy setting, the administrator account is automatically logged on to the recovery console when it is invoked during startup. This policy setting allows the administrator account to ...

oval:org.secpod.oval:def:22892
This subcategory reports the events that occur in response to credentials submitted for a user account logon request that do not relate to credential validation or Kerberos tickets. These events occur on the computer that is authoritative for the credentials. For domain accounts, the domain controll ...

oval:org.secpod.oval:def:22999
The registry value entry WarningLevel was added to the template file in the HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Services\Eventlog\Security\ registry key. The entry appears as MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning in t ...

oval:org.secpod.oval:def:22998
This policy setting determines whether a computer can be shut down when a user is not logged on. If this policy setting is enabled, the shutdown command is available on the Windows logon screen. Microsoft recommends to disable this policy setting to restrict the ability to shut down the computer to ...

oval:org.secpod.oval:def:22883
This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies.Important:If you apply this security policy to the Everyone group, no one will be able to log o ...

oval:org.secpod.oval:def:22760
This subcategory reports detailed information about the information replicating between domain controllers. These events can be very high in volume. Events for this subcategory include: ? 4928: An Active Directory replica source naming context was established. ? 4929 : An Active Directory replica so ...

oval:org.secpod.oval:def:22867
This subcategory reports when replication between two domain controllers begins and ends. Events for this subcategory include: ? 4932: Synchronization of a replica of an Active Directory naming context has begun. ? 4933: Synchronization of a replica of an Active Directory naming context has ended. ...

oval:org.secpod.oval:def:22745
The registry value entry SafeDllSearchMode was added to the template file in the HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Control\Session Manager\ registry key. The entry appears as MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) in the SCE. The DLL search order can be config ...

oval:org.secpod.oval:def:22866
This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection. If no signing request comes from the client, a connection will be allowed without a signature if the Microsoft network server: Di ...

oval:org.secpod.oval:def:22872
This policy setting determines which users or groups have the right to log on as a Terminal Services client. Remote desktop users require this user right. If your organization uses Remote Assistance as part of its help desk strategy, create a group and assign it this user right through Group Policy. ...

oval:org.secpod.oval:def:22797
This policy setting controls the behavior of the elevation prompt for administrators. The options are: - Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constraine ...

oval:org.secpod.oval:def:22796
This subcategory reports when a user account or service uses a non-sensitive privilege. A non-sensitive privilege includes the following user rights: Access Credential Manager as a trusted caller, Access this computer from the network, Add workstations to domain, Adjust memory quotas for a process, ...

oval:org.secpod.oval:def:22812
This subcategory reports each event of security group management, such as when a security group is created, changed, or deleted or when a member is added to or removed from a security group. If you enable this Audit policy setting, administrators can track events to detect malicious, accidental, and ...

oval:org.secpod.oval:def:22810
This policy setting determines whether the operating system stores passwords in a way that uses reversible encryption, which provides support for application protocols that require knowledge of the user's password for authentication purposes. Passwords that are stored with reversible encryp ...

oval:org.secpod.oval:def:28249
Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\File Explorer!Turn off Data Execution Prevention for Explorer (2) REG: HKEY_LOCAL_MACHINE\So ...

oval:org.secpod.oval:def:22924
This subcategory reports when a user account or service uses a sensitive privilege. A sensitive privilege includes the following user rights: Act as part of the operating system, Back up files and directories, Create a token object, Debug programs, Enable computer and user accounts to be trusted fo ...

oval:org.secpod.oval:def:22920
If the Password protect the screen saver setting is enabled, then all screen savers are password protected, if it is disabled then password protection cannot be set on any screen saver. If this setting is enabled, then all screen savers are password protected. Fix: (1) GPO: User Configuration\Admi ...

oval:org.secpod.oval:def:22808
This policy setting determines whether the Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider supports only the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite. Although this policy setting increases security, most public Web sites that are secured with TLS or SSL do not support th ...

oval:org.secpod.oval:def:22807
Audit Policy: Privilege Use: Other Privilege Use Events This subcategory is not used. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Privilege Use!Audit Policy: Privilege Use: Other Privilege Use Events (2) REG: NO REGI ...

oval:org.secpod.oval:def:22914
This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password. The value for this policy setting must be between 0 and 24 passwords. The default value for Windows Vista is 0 passwords, but the default settin ...

oval:org.secpod.oval:def:22916
LAN Manager (LM) is a family of early Microsoft client/server software that allows users to link personal computers together on a single network. Network capabilities include transparent file and print sharing, user security features, and network administration tools. In Active Directory domains, th ...

oval:org.secpod.oval:def:22903
This subcategory reports the results of Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations. Events for this subcategory include: ? 4646: IKE DoS-prevention mode started. ? 4650: An IPsec Main Mode security association was established. Exte ...

oval:org.secpod.oval:def:22901
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure th ...

oval:org.secpod.oval:def:22900
When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network access: Shares that can be accessed anonymously settings. This policy setting controls null session access to sh ...

oval:org.secpod.oval:def:22907
This subcategory reports when a handle to an object is opened or closed. Only objects with SACLs cause these events to be generated, and only if the attempted handle operation matches the SACL. Handle Manipulation events are only generated for object types where the corresponding Object Access subca ...

oval:org.secpod.oval:def:22906
This subcategory reports when a user's account is locked out as a result of too many failed logon attempts. Events for this subcategory include: ? 4625: An account failed to log on. Refer to the Microsoft Knowledgebase article ?Description of security events in Windows Vista and in Windows ...

oval:org.secpod.oval:def:22856
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure th ...

oval:org.secpod.oval:def:27190
Dictates whether or not Windows is allowed to use standby states when sleeping the computer. When this policy is enabled, Windows may use standby states to sleep the computer. If this policy is disabled, the only sleep state a computer may enter is hibernate. Fix: (1) GPO: Computer Configuration\ ...

oval:org.secpod.oval:def:22982
The registry value entry DisableIPSourceRouting was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) in the S ...

oval:org.secpod.oval:def:22981
This subcategory reports the addition and removal of objects from WFP, including startup filters. These events can be very high in volume. Events for this subcategory include: ? 4709: IPsec Services was started. ? 4710: IPsec Services was disabled. ? 4711: May contain any one of the following: - ...

oval:org.secpod.oval:def:22727
This policy setting controls the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM). If you enable this policy setting, users with anonymous connections cannot enumerate domain account user names on the workstations in your environment. This policy setting al ...

oval:org.secpod.oval:def:22726
Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Interactive logon: Machine in ...

oval:org.secpod.oval:def:22967
This subcategory reports when a user logs off from the system. These events occur on the accessed computer. For interactive logons, the generation of these events occurs on the computer that is logged on to. If a network logon takes place to access a share, these events generate on the computer that ...

oval:org.secpod.oval:def:22845
This policy setting prohibits users from connecting to a computer from across the network, which would allow users to access and potentially modify data remotely. In high security environments, there should be no need for remote users to access data on a computer. Instead, file sharing should be acc ...

oval:org.secpod.oval:def:22844
This subcategory reports when a special logon is used. A special logon is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. Events for this subcategory include: ? 4964 : Special groups have been assigned to a new logon. Refer to the Microso ...

oval:org.secpod.oval:def:22850
If the Screen Saver Timeout setting is enabled, then the screen saver will be launched when the specified amount of time has passed since the last user action. Valid values range from 1 to 89,400 seconds (24 hours). The setting has no effect if the wait time is set to zero or no screen saver has bee ...

oval:org.secpod.oval:def:27185
This policy setting allows you to allow or deny remote access to the Plug and Play interface. If you enable this policy setting, remote connections to the Plug and Play interface are allowed. Fix: (1) GPO: (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!A ...

oval:org.secpod.oval:def:22958
This policy setting causes the run once list, which is the list of programs that Windows Vista runs automatically when it starts, to be ignored. This policy setting differs from the Do not process the legacy run list setting in that programs on this list will run once the next time the client comput ...

oval:org.secpod.oval:def:22837
This policy setting determines whether the LAN Manager (LM) hash value for the new password is stored when the password is changed. The LM hash is relatively weak and prone to attack compared to the cryptographically stronger Microsoft Windows NT? hash. Note Older operating systems and some third ...

oval:org.secpod.oval:def:22954
This policy setting determines the length of time before the Account lockout threshold resets to zero. The default value for this policy setting is Not Defined. If the Account lockout threshold is defined, this reset time must be less than or equal to the value for the Account lockout duration setti ...

oval:org.secpod.oval:def:22831
This policy setting allows you to manage whether or not screen savers run. If the Screen Saver setting is disabled screen savers do not run and the screen saver section of the Screen Saver tab in Display in Control Panel is disabled. If this setting is enabled a screen saver will run if the followin ...

oval:org.secpod.oval:def:22952
This subcategory reports when packets are dropped by Windows Filtering Platform (WFP). These events can be very high in volume. Events for this subcategory include: ? 5152: The Windows Filtering Platform blocked a packet. ? 5153: A more restrictive Windows Filtering Platform filter has blocked a pac ...

oval:org.secpod.oval:def:22961
This subcategory reports each event of application group management on a computer, such as when an application group is created, changed, or deleted or when a member is added to or removed from an application group. If you enable this Audit policy setting, administrators can track events to detect m ...

oval:org.secpod.oval:def:22947
The machine lockout policy is enforced only on those machines that have Bitlocker enabled for protecting OS volumes. Please ensure that appropriate recovery password backup policies are enabled. This security setting determines the number of failed logon attempts that causes the machine to be locke ...

oval:org.secpod.oval:def:22943
This policy setting determines which behaviors are allowed for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services. The setting does not modify how the authentication sequence works but instead require certai ...

oval:org.secpod.oval:def:22822
This policy setting determines the number of days that you must use a password before you can change it. The range of values for this policy setting is between 1 and 999 days. (You may also set the value to 0 to allow immediate password changes.) The default value for this setting is 0 days. This p ...

oval:org.secpod.oval:def:22820
Specifies whether or not the user is prompted for a password when the system resumes from sleep. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings!Specifies whether or not the user is prompted for a password when the system resumes from sleep. (2 ...

oval:org.secpod.oval:def:22941
This policy setting controls the ability of anonymous users to enumerate SAM accounts as well as shares. If you enable this policy setting, anonymous users will not be able to enumerate domain account user names and network share names on the workstations in your environment. The Network access: Do ...

oval:org.secpod.oval:def:22940
This policy setting determines the length of time that must pass before a locked account is unlocked and a user can try to log on again. The setting does this by specifying the number of minutes a locked out account will remain unavailable. If the value for this policy setting is configured to 0, lo ...

oval:org.secpod.oval:def:22949
This policy setting determines whether a domain member should attempt to negotiate whether all secure channel traffic that it initiates must be digitally signed. Digital signatures protect the traffic from being modified by anyone who captures the data as it traverses the network. Microsoft recomme ...

oval:org.secpod.oval:def:22827
This subcategory reports when a file share is accessed. By itself, this policy setting will not cause auditing of any events. It determines whether to audit the event of a user who accesses a file share object that has a specified system access control list (SACL), effectively enabling auditing to t ...

oval:org.secpod.oval:def:23077
This subcategory reports changes in authentication policy. Events for this subcategory include: ? 4706: A new trust was created to a domain. ? 4707: A trust to a domain was removed. ? 4713: Kerberos policy was changed. ? 4716: Trusted domain information was modified. ? 4717: System security access w ...

oval:org.secpod.oval:def:27672
This policy setting ignores the customized run list. You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 Professional. These programs are added to the standard run list of ...

oval:org.secpod.oval:def:27427
This policy setting determines whether users' private keys (such as their S-MIME keys) require a password to be used. If you configure this policy setting so that users must provide a password?distinct from their domain password?every time that they use a key, then it will be more difficult ...

oval:org.secpod.oval:def:23069
This policy setting checks all new passwords to ensure that they meet basic requirements for strong passwords. When this policy is enabled, passwords must meet the following minimum requirements: - Not contain the user's account name or parts of the user's full name that exceed tw ...

oval:org.secpod.oval:def:27781
This policy setting ignores customized run-once lists. You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system st ...

oval:org.secpod.oval:def:23064
This subcategory reports generated by Kerberos ticket request processes on the domain controller that is authoritative for the domain account. Events for this subcategory include: ? 4769: A Kerberos service ticket was requested. ? 4770: A Kerberos service ticket was renewed. ? 4773: A Kerberos servi ...

oval:org.secpod.oval:def:23052
This policy setting determines which communication sessions, or pipes, will have attributes and permissions that allow anonymous access. Note: When you configure this setting you specify a list of one or more objects. The delimiter used when entering the list is a line feed or carriage return, that ...

oval:org.secpod.oval:def:23050
This subcategory reports the creation of a process and the name of the program or user that created it. Events for this subcategory include: ? 4688: A new process has been created. ? 4696: A primary token was assigned to process. Refer to the Microsoft Knowledgebase article ?Description of security ...

oval:org.secpod.oval:def:23059
This subcategory reports the loading of extension code such as authentication packages by the security subsystem. Events for this subcategory include: ? 4610: An authentication package has been loaded by the Local Security Authority. ? 4611: A trusted logon process has been registered with the Local ...

oval:org.secpod.oval:def:23055
This subcategory reports when a process terminates. Events for this subcategory include: ? 4689: A process has exited. Refer to the Microsoft Knowledgebase article ?Description of security events in Windows Vista and in Windows Server 2008? for the most recent information about this setting: http:/ ...

oval:org.secpod.oval:def:27770
This policy setting causes the run list, which is a list of programs that Windows runs automatically when it starts, to be ignored. The customized run lists for Windows Vista are stored in the registry at the following locations: - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run - H ...

oval:org.secpod.oval:def:23053
This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - ?\Program Files\, including subfolders - ?\Windows\system32\ - ? ...

oval:org.secpod.oval:def:23047
This policy setting determines which registry paths and sub-paths will be accessible when an application or process references the WinReg key to determine access permissions. Note: In Windows XP this setting is called Network access: Remotely accessible registry paths, the setting with that same na ...

oval:org.secpod.oval:def:27475
This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced DEP. DEP is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows. If you enable this policy setting, DEP for HTML Help Executable will be ...

oval:org.secpod.oval:def:28309
This policy setting specifies whether Terminal Services always prompts the client computer for a password upon connection. You can use this policy setting to enforce a password prompt for users who log on to Terminal Services, even if they already provided the password in the Remote Desktop Connecti ...

oval:org.secpod.oval:def:27576
Antivirus programs are mandatory in many environments and provide a strong defense against attack. The Notify antivirus programs when opening attachments setting allows you to manage how registered antivirus programs are notified. When enabled, this policy setting configures Windows to call the reg ...

oval:org.secpod.oval:def:28409
This policy setting determines which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server. Note: It can be very dangerous to add other s ...

oval:org.secpod.oval:def:27947
This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in t ...

oval:org.secpod.oval:def:23035
This policy setting determines the least number of characters that make up a password for a user account. There are many different theories about how to determine the best password length for an organization, but perhaps pass phrase is a better term than password. In Microsoft Windows 2000 or later, ...

oval:org.secpod.oval:def:23034
This subcategory reports when applications attempt to generate audit events by using the Windows auditing application programming interfaces (APIs). Events for this subcategory include: ? 4665: An attempt was made to create an application client context. ? 4666: An application attempted an operation ...

oval:org.secpod.oval:def:23019
This policy setting determines which accounts will not be able to log on to the computer as a batch job. A batch job is not a batch (.bat) file, but rather a batch-queue facility. Accounts that use the Task Scheduler to schedule jobs need this user right. The Deny log on as a batch job user right o ...

oval:org.secpod.oval:def:23012
This subcategory reports changes in security state of the system, such as when the security subsystem starts and stops. Events for this subcategory include: ? 4608: Windows is starting up. ? 4609: Windows is shutting down. ? 4616: The system time was changed. ? 4621: Administrator recovered system f ...

oval:org.secpod.oval:def:23010
This subcategory reports other types of security policy changes such as configuration of the Trusted Platform Module (TPM) or cryptographic providers. Events for this subcategory include: ? 4909: The local policy settings for the TBS were changed. ? 4910: The group policy settings for the TBS were c ...

oval:org.secpod.oval:def:23003
This subcategory reports each event of user account management, such as when a user account is created, changed, or deleted; a user account is renamed, disabled, or enabled; or a password is set or changed. If you enable this Audit policy setting, administrators can track events to detect malicious, ...

oval:org.secpod.oval:def:28082
Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests. If the status is ...

oval:org.secpod.oval:def:22785
This policy setting determines what additional permissions are assigned for anonymous connections to the computer. If you enable this policy setting, anonymous Windows users are allowed to perform certain activities, such as enumerate the names of domain accounts and network shares. An unauthorized ...

oval:org.secpod.oval:def:22768
This subcategory reports when a user attempts to log on to the system. These events occur on the accessed computer. For interactive logons, the generation of these events occurs on the computer that is logged on to. If a network logon takes place to access a share, these events generate on the compu ...

oval:org.secpod.oval:def:22765
This subcategory reports when kernel objects such as processes and mutexes are accessed. Only kernel objects with SACLs cause audit events to be generated, and only when they are accessed in a manner matching their SACL. Typically kernel objects are only given SACLs if the AuditBaseObjects or AuditB ...

oval:org.secpod.oval:def:22764
This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy ...

oval:org.secpod.oval:def:22894
This policy setting defines how long a user can use their password before it expires. Values for this policy setting range from 0 to 999 days. If you set the value to 0, the password will never expire. The default value for this policy setting is 42 days. Because attackers can crack passwords, the ...

oval:org.secpod.oval:def:22893
This policy setting controls the behavior of the elevation prompt for standard users. The options are: - Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the oper ...

oval:org.secpod.oval:def:22770
Specifies whether or not the user is prompted for a password when the system resumes from sleep. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings!Specifies whether or not the user is prompted for a password when the system resumes from sleep. (2 ...

oval:org.secpod.oval:def:22891
This policy setting controls the behavior of application installation detection for the computer. The options are: - Enabled: (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and ...

oval:org.secpod.oval:def:22890
This subcategory reports other logon/logoff-related events, such as Terminal Services session disconnects and reconnects, using RunAs to run processes under a different account, and locking and unlocking a workstation. Events for this subcategory include: ? 4649: A replay attack was detected. ? 4778 ...

oval:org.secpod.oval:def:22758
This subcategory reports the results of IKE protocol and AuthIP during Quick Mode negotiations. ? 4654: An IPsec Quick Mode negotiation failed. Events for this subcategory include: ? 4977: During Quick Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could ...

oval:org.secpod.oval:def:22878
This subcategory reports when SAM objects are accessed. Refer to the Microsoft Knowledgebase article ?Description of security events in Windows Vista and in Windows Server 2008? for the most recent information about this setting: http://support.microsoft.com/default.aspx/kb/947226. Fix: (1) GPO: C ...

oval:org.secpod.oval:def:22876
This subcategory reports changes in authorization policy including permissions (DACL) changes. Events for this subcategory include: ? 4704: A user right was assigned. ? 4705: A user right was removed. ? 4706: A new trust was created to a domain. ? 4707: A trust to a domain was removed. ? 4714: Encry ...

oval:org.secpod.oval:def:22997
This subcategory reports on violations of integrity of the security subsystem. Events for this subcategory include: ? 4612 : Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. ? 4615 : Invalid use of LPC port. ? 4618 : A monitored ...

oval:org.secpod.oval:def:22996
This subcategory reports the results of validation tests on credentials submitted for a user account logon request. These events occur on the computer that is authoritative for the credentials. For domain accounts, the domain controller is authoritative, whereas for local accounts, the local compute ...

oval:org.secpod.oval:def:22762
This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. If you disable or do not configure this policy setting and a log file reaches i ...

oval:org.secpod.oval:def:22761
This subcategory reports when registry objects are accessed. Only registry objects with SACLs cause audit events to be generated, and only when they are accessed in a manner matching their SACL. By itself, this policy setting will not cause auditing of any events. It determines whether to audit the ...

oval:org.secpod.oval:def:22881
This subcategory reports when file system objects are accessed. Only file system objects with SACLs cause audit events to be generated, and only when they are accessed in a manner matching their SACL. By itself, this policy setting will not cause auditing of any events. It determines whether to audi ...

oval:org.secpod.oval:def:22880
This entry appears as MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) in the SCE. IP source routing is a mechanism that allows the sender to determine the IP route that a datagram should follow through the network. Fix: (1) GPO: Computer Config ...

oval:org.secpod.oval:def:22748
This subcategory reports each event of computer account management, such as when a computer account is created, changed, deleted, renamed, disabled, or enabled. Events for this subcategory include: ? 4741: A computer account was created. ? 4742: A computer account was changed. ? 4743: A computer acc ...

oval:org.secpod.oval:def:22989
This subcategory reports changes in audit policy including SACL changes. Events for this subcategory include: ? 4715: The audit policy (SACL) on an object was changed. ? 4719: System audit policy was changed. ? 4902: The Per-user audit policy table was created. ? 4904: An attempt was made to registe ...

oval:org.secpod.oval:def:22987
This subcategory reports encrypt or decrypt calls into the data protections application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. Events for this subcategory include: ? 4692: Backup of data protection master key was attempted. ? 4693: ...

oval:org.secpod.oval:def:22984
The registry value entry ScreenSaverGracePeriod was added to the template file in the HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\ Windows NT\CurrentVersion\Winlogon\ registry key. The entry appears as MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 ...

oval:org.secpod.oval:def:22873
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure th ...

oval:org.secpod.oval:def:22752
This subcategory reports remote procedure call (RPC) connection events. Events for this subcategory include: ? 5712: A Remote Procedure Call (RPC) was attempted. Refer to the Microsoft Knowledgebase article ?Description of security events in Windows Vista and in Windows Server 2008? for the most re ...

oval:org.secpod.oval:def:22871
This subcategory reports the results of AuthIP during Extended Mode negotiations. Events for this subcategory include: ? 4978: During Extended Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay ...

oval:org.secpod.oval:def:22870
This policy setting determines whether the Guest account is enabled or disabled. The Guest account allows unauthenticated network users to gain access to the system. Note that this setting will have no impact when applied to the domain controller organizational unit via group policy because domain c ...

oval:org.secpod.oval:def:22799
This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local ...

oval:org.secpod.oval:def:22798
This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately. Prior to Windows XP SP2, Autoplay is disabled ...

CPE    1
cpe:/o:microsoft:windows_server_2012::r2
CCE    224
CCE-38119-4
CCE-36628-6
CCE-37888-5
CCE-36858-9
...
*XCCDF
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2012_R2

© 2013 SecPod Technologies